critical controls

Results 1 - 25 of 37
Published By: Fortinet EMEA     Published Date: Nov 26, 2018
Endpoint devices continue to be one of the favorite targets for cyberattacks. A successfully compromised laptop provides a foothold for a threat to move laterally and infect other endpoints within the organization. To address this critical vulnerability, security leaders must integrate endpoint security into their broader network security architecture. A deep connection between endpoint and network security offers key improvements to holistic enterprise protection. It provides risk-based visibility of all endpoint devices, establishes policy-based access controls, enables real-time threat intelligence sharing, and automates security responses and workflows for effective and efficient protection that conserves time and money.
Tags : 
    
Fortinet EMEA
Published By: Venafi     Published Date: Aug 07, 2015
This paper reveals how not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.
Tags : 
security, protect keys, security controls, cyber-attacks, cybercriminals, threat detection, data protection, firewalls, authentication, protect digital certificates, reduce risks
    
Venafi
Published By: Venafi     Published Date: Aug 10, 2015
This paper demonstrates a recent attack that used cryptographic keys and digital certificates as well as guidance on how to protect certificates and keys and quickly discover and remediate breaches.
Tags : 
attacks, cyberattacks, protect certificates, how to remediate breaches, security, security applications
    
Venafi
Published By: Venafi     Published Date: Aug 10, 2015
The need for authentication and assurance is great and options are few; therefore, we have come to rely on encrypted SSL/TLS certificates for almost every new application, appliance, device and cloud service.
Tags : 
security controls, security, security applications, ssl/tls certificates, secure connection, security network
    
Venafi
Published By: Venafi     Published Date: Mar 26, 2015
This technical case study addressing key and certificate security issues is designed for security conscious enterprises to understand real-life attack scenarios that threaten their businesses in today’s world. This white paper demonstrates a recent attack that used cryptographic keys and digital certificates as well as guidance on how to protect certificates and keys and quickly discover and remediate breaches. This paper should be read by more technical IT security staff who are interested in detailed attack methods and remediation tactics. The executive summary is intended for IT Security leaders (CISOs and their direct reports) and addresses the proof-of-concept attack impacts on the business.
Tags : 
security, certificates, keys, security attacks, business
    
Venafi
Published By: Venafi     Published Date: Mar 26, 2015
The SANS 20 Critical Security Controls for Effective Cyber Defense offers a blueprint of prioritized guidance to reduce risk. New updates to the SANS 20 signify the growing need to secure digital certificates and cryptographic keys to preserve trusted communications for all of your critical systems and your organization’s interactions with customers and partners. Too often cyberattacks on keys and certificates are successful because basic security controls are not present or not properly configured. Download the Solution Brief to learn how you can effectively build scalable controls and reduce risk: • Manage the rapid growth in certificates • Gain visibility into where keys and certificates are located • Secure your certificates against cyberattacks • Enforce automation of certificate issuance and renewal
Tags : 
sans 20, security controls, cyber defense, cyber attacks, secure digital certificates, cryptographic keys, automation
    
Venafi
Published By: Venafi     Published Date: Mar 26, 2015
Advanced Persistent Threat (APT) operators have proven they can breach enterprises like yours by undermining your critical security controls when you fail to protect digital certificates and cryptographic keys. Not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.
Tags : 
keys, certificates, security controls, apt, advanced persistent threat, cryptographic keys, cybercriminals, cyber attacks, cyber defense, vpn, dlp, privileged access, authentication systems
    
Venafi
Published By: Venafi     Published Date: Jul 27, 2015
See how APT 18 conducted its proof-of-concept attack, learn how attackers bypassed critical security controls and find out how you can eliminate blind spots, reduce risk, and respond and remediate faster.
Tags : 
security controls, key misuse, certificate misuse, security management, breach prevention, risk reduction, blind spots, exfiltrating data, certificate security, trust protection platform
    
Venafi
Published By: F5 Networks Singapore Pte Ltd     Published Date: May 27, 2019
What you can’t see will hurt you. The situation is critical, because the percentage of encrypted user traffic has more than doubled since 2014, exceeding 80 percent, according to F5 Labs' 2017 TLS Telemetry report. So, of course, now there are SSL visibility solutions that provide decryption services allowing those security controls to see what they’re doing. But visibility, by itself, isn’t enough. Security teams and network operations have found that setting up decryption zones is not easy. Security teams often have to resort to manual daisy-chaining or tedious configuration to manage decryption/encryption across the entire security stack. And then they find that exceptions abound. And lastly, you need to scan your inbound and outbound traffic for tomorrow’s threats, and SSL Orchestrator is the tool that lets your security controls keep your organization’s name out of the papers and away from those pesky GDPR fines. Download the eBook to find out how you can gain visibility into e
Tags : 
    
F5 Networks Singapore Pte Ltd
Published By: CA Technologies     Published Date: Jun 01, 2018
Challenge: Businesses today must reduce the risk of security breaches to protect the valuable data within their organizations. At the same time, IT auditors are increasingly enforcing ever more stringent requirements on the business. The bottom line is that privileged accounts and privileged access are being targeted by hackers as a new attack surface and focused on by auditors who are insisting on greater controls around privileged accounts. Opportunity: The right privileged access management solution provides comprehensive protection for your mission-critical servers with powerful, fine-grained controls over operating system-level access and privileged user actions. Capable of enforcing access controls on powerful native Superuser accounts—like the UNIX® and Linux® root and Microsoft® Windows® administrator—this system-level, host-based privileged access management solution controls, monitors and audits privileged user activity, improving security and simplifying audit and compliance. B
Tags : 
    
CA Technologies
Published By: Mimecast     Published Date: Nov 28, 2017
With the healthcare industry as the #1 target for ransomware attacks, it’s critical to ensure steps are taken to prevent, detect and respond to these attacks without downtime – and without loss of patient data. A multi-layered approach to protective controls – including a Secure Email Gateway (SEG) with advanced threat protection capabilities – will start your healthcare organization on the right path to ransomware resilience. Download and use this top 10 list of how to protect your organization now. Use it as a reference tool for frequent health checks of your own ransomware resilience program.
Tags : 
healthcare, ransomware, ransomware attack, seg, secure email gateway
    
Mimecast
Published By: CA Technologies EMEA     Published Date: Aug 03, 2017
For organizations with additional security requirements for high value servers hosting business-critical assets, CA Privileged Access Manager Server Control provides localized, fine-grained access control and protection over operating system-level access and application-level access. Agent-based, kernel-level protection is available for individual files, folders and specific commands based on policy and/or fine-grained controls on specific hosts.
Tags : 
identity management, privileged user access, secure privileged credentials, secure hybrid it
    
CA Technologies EMEA
Published By: Qualys     Published Date: Feb 17, 2016
It’s not easy being today’s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises has increased dramatically, while IT budgets have shrunk and skilled cyber security talent is virtually impossible to find. Thankfully, the CIS Top 20 Critical Controls provides a pragmatic approach, offering prioritized guidance on the important steps for implementing basic cyber hygiene practices. With the CIS Top 20 Critical Security Controls, CISOs now have a blueprint for reducing risk and managing compliance. By automating each of these controls, CISOs enable their information security teams to do much more with less, essentially operationalizing good cyber hygiene.
Tags : 
qualys, cis, critical security, cloud computing, cyber security, networking, security, it management, enterprise applications
    
Qualys
Published By: CyrusOne     Published Date: Jul 05, 2016
Data centers help state and federal agencies reduce costs and improve operations. Every day, government agencies struggle to meet critical cost controls with lower operational expenses while fulfilling the Federal Data Center Consolidation Initiative’s (FDCCI) goal. All too often they are finding themselves constrained by their legacy in-house data centers and connectivity solutions that fail to deliver exceptional data center reliability and uptime.
Tags : 
data center, best practices, competitive advantage, productivity
    
CyrusOne
Published By: BlackLine     Published Date: Aug 06, 2018
When did reconciliations become a living nightmare? Demanding deadlines. Strict requirements for review and supporting documentation. Endless piles of reconciliations to approve - that were due yesterday. Reconciliations are one of the most labor-intensive, yet critical controls processes within any organisation. Even the smallest mistake can compromise the integrity of your balance sheet and create discrepancies in your financial close. There is a simpler way to perform your reconciliation process that allows you to focus on analysis, risk mitigation, and exception handling. Join us for this webinar to find out what this is. You will learn how to: Automate daily reconciliations for continuous control and validation Gain better visibility into the quality, accuracy, and timeliness of a reconciliation Develop a seamless and streamlined workflow for preparation, approval, and review
Tags : 
    
BlackLine
Published By: Tripwire     Published Date: Feb 08, 2013
John Gilligan, former CIO of the U.S. Air Force and the U.S. Department of Energy, led the development of this document; it represents a consensus of government and nongovernment experts.
Tags : 
cyberdefender, security, federal, government, sans 20 sc, dhs, defense
    
Tripwire
Published By: Tenable     Published Date: Feb 07, 2018
"Securing the modern attack surface is a critical challenge you must effectively address to reduce cyber exposure and protect your enterprise. By reading this ebook you’ll learn what’s working – and what’s not – from 29 global infosec leaders, representing a diverse array of industries and perspectives. Download your copy today for insights and lessons learned about: - Securing a dynamic IT environment - Rethinking security for cloud environments - Moving security to the application layer - Focusing on data security - Automating security testing and controls"
Tags : 
secure devops, web application security, attack surface, cloud, container security, ciso, cyber, experts, ebook
    
Tenable
Published By: Tenable     Published Date: Jan 25, 2019
"This whitepaper from the SANS Institute focuses on the growing use and benefits derived from information technology (IT) and operational technology (OT) convergence which includes more effective management and operation of contemporary control systems. IT/OT convergence carries unique challenges that make managing and securing an industrial control system (ICS) more difficult. This is due to greater technical complexity, expanded risks and new threats to more than just business operations. This paper explores the issues that arise with the blending of IT and OT into combined cyber-physical systems where risks must be identified and managed. Download this report to get answers to these questions: -Why are digital asset inventories critical for IT/OT security risk management? -How does knowledge about risks and vulnerabilities to IT/OT systems lead to better risk management? -Can applying even a few of Center for Internet Security (CIS) Controls make a marked difference in the securit
Tags : 
    
Tenable
Published By: Panasonic     Published Date: Apr 23, 2019
Mobility is critical to government productivity, but mobile data and devices present attractive targets to cybercriminals seeking to exploit vulnerabilities across the spectrum. Federal agencies are no strangers to cybersecurity attacks, and several recent high-profile breaches involving mobile devices demonstrate ongoing vulnerabilities in government’s expanding network of endpoints. This issue brief describes what can be done to protect devices, data and networks, including multi-factor authentication to authorization controls and user education.
Tags : 
    
Panasonic
Published By: McAfee     Published Date: Apr 16, 2014
This SANS white paper explores how to weave together and correlate information from disparately managed systems and bring visibility to their behavior with accurate, actionable reporting.
Tags : 
sans, siem, information and event correlation, critical security controls, reporting, security
    
McAfee
Published By: NetIQ     Published Date: Dec 23, 2010
This white paper provides the steps to successfully implement the critical security controls listed in the CAG in order to avoid "adding another checklist" to an already overburdened and underfunded organization that is struggling to meet growing security and compliance demands. It also describes how NetIQ can help federal agencies implement and automate these controls.
Tags : 
netiq, consensus audit guideline, cag, security control, federal agencies, cyber security, information security management
    
NetIQ
Published By: Qualys     Published Date: Nov 05, 2013
The SANS 20 Critical Security Controls are known for driving effective security programs across government agencies, establishing guidelines for security professionals to ensure the confidentiality, integrity and availability of information technology assets. This paper describes how automating these controls using QualysGuard can protect your organization with continuous security while drastically lowering costs.
Tags : 
automation, cyber security, critical controls, malware defense, application software security, data recovery, compliance applications, qualysguard
    
Qualys
Published By: Alert Logic and Rackspace     Published Date: Jun 20, 2014
To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by providing simple, actionable reports that detail vulnerabilities and recommendations. There is also a Dispute Wizard that helps document compensating controls that are in place to remediate specific vulnerabilities. PCI scans include the following reports: Executive Summary: Overview of scan results and a statement of compliance or non-compliance. Vulnerability Details: Provides a detailed description, list of impacted hosts, risk level and remediation tips for each vulnerability found. Attestation of Scan Compliance: Overall summary of network posture, compliance status and assertion that the scan complies with PCI requirements.
Tags : 
alert logic, rackspace, pci, pci dss, payment security, compliance, cloud pci, security, it management
    
Alert Logic and Rackspace
Published By: Alert Logic and Sungard Availability Services     Published Date: Jun 20, 2014
To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by providing simple, actionable reports that detail vulnerabilities and recommendations. There is also a Dispute Wizard that helps document compensating controls that are in place to remediate specific vulnerabilities. PCI scans include the following reports: Executive Summary: Overview of scan results and a statement of compliance or non-compliance. Vulnerability Details: Provides a detailed description, list of impacted hosts, risk level and remediation tips for each vulnerability found. Attestation of Scan Compliance: Overall summary of network posture, compliance status and assertion that the scan complies with PCI requirements.
Tags : 
alert logic, sungard, pci, pci dss, payment security, compliance, cloud pci, security, it management
    
Alert Logic and Sungard Availability Services
Published By: Qualys     Published Date: Jan 11, 2017
It’s not easy being today’s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises has increased dramatically, while IT budgets have shrunk and skilled cyber security talent is virtually impossible to find.
Tags : 
information security, it compliance, it audit, it security, network security, web application security, application security
    
Qualys